Lucene search

SynologyCVELIST:CVE-2020-27653

HistoryOct 29, 2020 - 8:55 a.m.

CVE-2020-27653

2020-10-2908:55:21

CWE-327

synology

www.cve.org

cve-2020-27653

quickconnect

synology router manager

man-in-the-middle

spoof servers

sensitive information

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

45.5%

JSON

Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.

CNA Affected

[
  {
    "product": "Synology Router Manager (SRM)",
    "vendor": "Synology",
    "versions": [
      {
        "lessThan": "1.2.4-8081",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.synology.com/security/advisory/Synology_SA_20_14

www.talosintelligence.com/vulnerability_reports/TALOS-2020-1061

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

45.5%

JSON

Related for CVELIST:CVE-2020-27653